The vulnerability is caused due to an integer underflow error in the FTP service (filecpnt.exe) when processing directory arguments passed to certain FTP commands (e.g. "CWD", "DELE", "MDTM", and "MKD"). This can be exploited to cause a stack-based buffer overflow by passing a specially crafted, overly long argument to one of the affected FTP commands.